cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
David_Won
David_Won inside Policy Management 3 hours ago
views 13

Modifying User Permissions

Problem with R80.10 Previously on R77.30 our help centre would create all user accounts and add them to the correct user groups to determine access to various resources through VPN. In R80.10 the user groups tab has been removed from the user configuration screen. The only way to configure now is to manually open each user group and add the user that way. Now for our issue. The help desk is not able to do this. They have read only showing. Example here If I edit their permissions profile the only way I'm able to allow them to edit user groups is if I give them write access to common objects. Unfortunately this also gives them access to be able to literally delete one of my firewalls from the console. Not cool. Anybody know what the minimum permissions required to create and edit users would be?
CHINMAYA_NAIK
CHINMAYA_NAIK inside Policy Management 9 hours ago
views 383 3

Failed to delete OLD Cluster object Error "gatewayStaticProfilesConfiguration" after migrate import

We are doing migration from IPSO 75.40 to GAIA R80.20.Migrate import is successfully done.But when we are going to delete the OLD cluster object then unable to delete that object getting error "gatewayStaticProfilesConfiguration". Already follow the sk140372 but as per the we unable to see any gateway object. Pls help. #Chinmaya
Dor_Marcovitch
Dor_Marcovitch inside Policy Management 14 hours ago
views 25

OSFP Route during cpstop

hey,is there any option to keep routes learned by OSPF during cpstop?thanks
Don_Paterson
Don_Paterson inside Policy Management yesterday
views 238 5

Debug

Is there a plan to simplify the debug processes / procedures in the main train products or would it be a good idea to consider adding this? In other words, will there ever be a single command, for example 'debug' to use for debugging anything (and everything) in the Security Management and MDSM and Security Gateway products. Reason for asking is that it seems to be sometimes complicated to run a debug, which a customer may want to do in order to resolve issues themselves without getting support involved. Debugging fwd or fwm for example is fairly straightforward but a full debug of a policy installation has become much more complicated since R80. Thanks, Don
GGiorgakis
GGiorgakis inside Policy Management yesterday
views 40

Where is located the file for schedule time for log?

hi guys i am looking to modify this type of file but cannot find it through object explorer.Any idea?
Lesley_Willems2
Lesley_Willems2 inside Policy Management yesterday
views 1234 5

Application Control AD service not matching

Hi all, I'm trying to use the predefined AD service in a access rule but the rule will not be hit. Traffic is from cliënt to domain controller. The AD service comes from the application/categories which is in the object categories. Is it even possible to use it in the way as I decribed? Manual made services will match the rule. TIA!BR,Lesley
HS
HS inside Policy Management Tuesday
views 297 13

Hotfix Ongoing Take 87

Hi,we need to get protect against CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479: TCP SACK PANIC - Linux Kernel vulnerabilities. Refer to sk156192.We are running R80.20 take 17 and we don't find any Checkpoint official documentation about the hotfix take 87. Does anyone already install the ongoing take 87. We don't have idea the minimal requirements for take 87 ? We are under take 17 far away from general availability take 47. Install take 87 before take 47 it is good idea ?thank you for help.
Stephan_Lanfer
Stephan_Lanfer inside Policy Management Monday
views 97 4

R80.20.M2 Silent Install

Hello,are there any silent install parameters for the SmartConsole.exe for R80.20.M2?The old "smartconsole.exe -s" doesn't work anymore!RegardsStephan
Blason_R
Blason_R inside Policy Management Sunday
views 206 6 1

Unable to connect to McAfee SIEM via LEA after upgrade to R80.20

Hi Folks,I just migrated Smart-1 appliance from R77.30 to R80.20 however after migration observed that SIEM servers could not pickup the logs via LEA. Any help is greatly appreciated.
GGiorgakis
GGiorgakis inside Policy Management Saturday
views 74 2

Can we control download bandwidth from appControl in R80.20?

Can we control download bandwidth from appControl in R80.20?For example can i limit the bandwidth only when download from youtube?
Alan_Dressner1
Alan_Dressner1 inside Policy Management Friday
views 71 1

SmartMove Policy Creation and future requests SmartMove_5_1_7078_13288

At the time of this writing the current version is SmartMove is SmartMove_5_1_7078_13288.When I use this tool to covert a Cisco ASA policy the tools creates the layers but does not associate the layers with the policy. I have to manually copy the rules from the layers and paste them into the correct policy.I would also like to see the the following options added if possible to the tool for better functionality:1.) add an option to create the policy in in-line mode or ordered.2.) add an option to use set-if-exists in the scripts3.) add an option to use a specific user to run the scripts. It is better to review the created policy without auto publishing. Sometimes what the tool creates and what is needed are not the same.4.) add an option to help avoid creating duplicate objects
Tomer_Sole
inside Policy Management a week ago
views 3600 13 17
Mod

Did you know? SmartConsole Tags

R80 and R80.10 provide a new feature for ease of security management: Tags.We have presented it in Check Point conventions dating back to 2013 - it's time that we discuss them at CheckMates as well The purpose with tags is to ease the searches and associations of objects. You can tag any object from its Object Editor, as well as with the Security Management CLI or API. You can then search for all objects that belong to a specific tag.In the Object Explorer:When picking objects in places like security policies:In addition of simplified user experience, Tags have good value in the world of automation and orchestration.
Lijo_mathai
Lijo_mathai inside Policy Management a week ago
views 195 10

Unable to clone policy package in R80.20

Hi, after upgrading to R80.20 and applying take 47, i am unable to clone the existing policy package. Is there anything i am missing. I checked there is no validation error for the name i used to clone, but still i am unable to clone the policy. Attached is the error i faced.
kobilevi
kobilevi inside Policy Management 2 weeks ago
views 127 4

Can checkpoint Block Acces by Geo for only 1 or more object?

helloi using check point R80 gaia managment i want to enable access by location to my local web site , can i do it? **(enable geo policy by access policy to 1 or more objects)
Blason_R
Blason_R inside Policy Management 2 weeks ago
views 128 3

Facing enormous issues while upgrading from R77.30.03 to R80.30

Hi Team,I have Smart-1 210 with initially gone for On-prem Capsule DOCS & Capsule Workspace integrated with on-prem Exchange server. Even have installed Reverse proxy patch installed on mgmt appliance.Now I have been struggling to upgrade as migrate export is giving me issues even after excluding epm db. Since later customer did not have used DOCS we stopped EPM blade and install database so hopefully, EPM must have de-activated.But still, I am unable to take migrate export for the of-line upgrade. Even Pre-upgrade verifier is failing and I believe this is all due to EPM blade?What is the other way as I do not have any redundancy for Mgmt server since that is an appliance.Can someone please suggest?******************[Expert@xxxx-xxxx:0]# ./pre_upgrade_verifier -p $FWDIR -t R77 -t R80.30 -f output.txtReadFwsetFromSqlFile: 2 Error reading from database for file /opt/CPsuite-R77/fw1/conf/grc_test_elements.sqlite. Error is:********************Expert@xxxx-xxxxx:0]# ./migrate export xxx-xxxx.tgzExecution finished with errors. See log file '/opt/CPshrd-R77/log/migrate-Sun_Jul__7_11-06-21_2019.log' for further details.###################[7 Jul 11:06:21] .<-- GetVersionString[7 Jul 11:06:21] .--> UpgradeMacroReplacer::Instance[7 Jul 11:06:21] .<-- UpgradeMacroReplacer::Instance[7 Jul 11:06:21] .--> UpgradeMacroReplacer::Instance[7 Jul 11:06:21] .<-- UpgradeMacroReplacer::Instance[7 Jul 11:06:21] .--> ExecCommandGetOutput[7 Jul 11:06:21] [ExecCommandGetOutput] Going to execute command: '"/opt/CPsuite-R77/fw1/bin/upgrade_tools/././pre_upgrade_verifier" -p "/opt/CPsuite-R77/fw1" -c 6.0.4.0 -t 6.0.4.0'[7 Jul 11:06:23] [ExecCommandGetOutput] ERR: Command completed with error code -1[7 Jul 11:06:23] .<-- ExecCommandGetOutput[7 Jul 11:06:23] [PreupgradeVerifierRunner::exec] ERR: Preupgrade verifier had failed[7 Jul 11:06:23] [PreupgradeVerifierRunner::exec] Preupgrade verifier's output:-------------------------------------Plugin upgrade match command failedWarning: Can't find ::CPSB-NGEP in cp.macro. License version might be not compatible-------------------------------------[7 Jul 11:06:23] <-- PreupgradeVerifierRunner::exec[7 Jul 11:06:23] [ActivitiesManager::exec] ERR: Activity 'PreupgradeVerifierRunner' failed[7 Jul 11:06:23] [ProgressUpdater::UpdateProgressToGaia] Progress Updated to '25[7 Jul 11:06:23] [ActivitiesManager::exec] WRN: Activities execution finished with errors[7 Jul 11:06:23] [ActivitiesManager::exec] WRN: Activities 'PreupgradeVerifierRunner' have failed[7 Jul 11:06:23] [ActivitiesManager::exec] Designated exit code is 1######################